Closed

Controller returns 400 with HTML on production, on developt a 500 #3379

william@iwell.nl created 2 years ago

ABP Framework version: v5.2.2
UI type: Angular
DB provider: EF Core
Tiered (MVC) or Identity Server Separated (Angular): Angular/
Exception message and stack trace:
Steps to reproduce the issue:"

An endpoint always throws an Exception (as test). I expect this endpoint to return a 500 with json, and on a local develop environment it does. However on production the endpoint returns a 400 with html.

What causes this?

Deployed on a production server:

Local development:

7 Answer(s)

maliming created 2 years ago

Support Team Fullstack Developer

There are differences in the Development and Production environment.

if (env.IsDevelopment())
{
    app.UseDeveloperExceptionPage();
}

if (!env.IsDevelopment())
{
    app.UseErrorPage();
    app.UseHsts();
}

0

william@iwell.nl created 2 years ago

hi, thanks for the quick reply.

That makes sense, I found the code and removed app.UseDeveloperExceptionPage();

However, I still get the a 500 with json. This is what I except, as an exception is thrown. However, what I don't understand is why on production a 400 with html is returned. This should also be a 500 with json, isn't it? I'm not aware of specific code to change this for production.
0

maliming created 2 years ago
Support Team Fullstack Developer

what I don't understand is why on production a 400 with html is returned

What are the error logs of HTTP 400?
0

william@iwell.nl created 2 years ago

2022-07-05T09:35:48.145810880Z [09:35:48 ERR] The required antiforgery cookie ".AspNetCore.Antiforgery.nixphHDAMN4" is not present.

After removing the cookies from postman, the request returned as excepted. I'm not sure why these cookies are there, maybe after a unauthorised request?
0

maliming created 2 years ago
Support Team Fullstack Developer

The postman will get cookies from the browser.
0

william@iwell.nl created 2 years ago

Thanks, your hint made me digging through the logs, and I see more 400 requests. For example after a DependencyResolutionException which happen during a deployment. So if I understand correctly, exceptions like AntiForgery and DependencyResolutionException are returned with statuscode 400?

This behaviour is unwanted for certain endpoints. For example a webhook, called from Azure event grid, to push messages. When event grid receives a 400, it won't retry the message. At a 500 it does.

Can this be disabled for certain endpoints, or do you have a suggestion how to solve this otherwise?
0

maliming created 2 years ago
Support Team Fullstack Developer

hi

So if I understand correctly, exceptions like AntiForgery and DependencyResolutionException are returned with statuscode 400?

DependencyResolutionException should be get 500, the AntiForgery will get 400.

Many validation errors will use 400 code, eg: Parameter validate error. AntiForgery token. etc.

This behaviour is unwanted for certain endpoints. For example a webhook, called from Azure event grid, to push messages. When event grid receives a 400, it won't retry the message. At a 500 it does.

400 means the request info has something wrong. You should check the Azure request.